Recently I was on a website which provided some nonsense feature:
- Enter a URL
- Press enter
- HTML source of a given URL is displayed
It basically fetched a URL and just dumped the contents of it. It could be XML, txt, HTML, any reachable path via curl.
Now it struck me that this should be quite dangerous, am I right?
I have no Linux at hand and I could not find this site but a quickly hacked PHP page on my Windows machine happily consumed the URL:
and presented it to me. Wouldn't this basically allow an attacker to roam the machine the script is running on? Would this URL
work on Linux?
Are there any other obvious issues with that?
Impersonating someone else accessing other resources via schemes like POP3, LDAP, SMB?
While writing this I asked myself whether white-listing schemes to HTTP[S] and maybe FTP would fix those issues?
I still would be able to impersonate a visitor on a site via this page but I am not aware of any issues except visiting illegal content or probably bypassing things like censoring.
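
The scheme whitelisting raised in the question, as an added example for a PHP 8/curl fetcher (not part of the original post): it allows only HTTP[S] in both the validator and curl, and goes further than the post by refusing loopback, private and link-local addresses and pinning the connection to the address that was checked. The function names are hypothetical and the sample URLs are constructed.

```php
<?php
// Added example (hypothetical names, constructed sample URLs), not code from the page.
// Returns [host, port, ip] for a URL that may be fetched, or throws.
function resolve_public_target(string $url): array
{
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = $parts['host'] ?? '';
    if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
        throw new InvalidArgumentException('scheme or host not allowed');
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    // IPv4 only: bracketed IPv6 literals are neither IPv4 nor resolvable, so they throw.
    $isIp = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    $ips  = $isIp ? [$host]
        : (gethostbynamel($host) ?: throw new InvalidArgumentException('host does not resolve'));
    // Reject loopback, RFC 1918 and link-local targets (not every special range).
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            throw new InvalidArgumentException("internal address $ip");
        }
    }
    return [$host, $port, $ips[0]];
}

// Fetches over HTTP[S] only, without following redirects, pinned to the checked IP.
function fetch_public_url(string $url): string
{
    [$host, $port, $ip] = resolve_public_target($url);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // blocks file://, ldap://, ...
        CURLOPT_FOLLOWLOCATION => false,                // a redirect could point back inside
        CURLOPT_RESOLVE        => ["$host:$port:$ip"],  // no second, unchecked DNS lookup
    ]);
    $body = curl_exec($ch);
    return $body !== false ? $body : throw new RuntimeException(curl_error($ch));
}

// Constructed inputs: IP literals only, so the demo needs no DNS or network access.
// 203.0.113.10 is a documentation-range address standing in for a public host.
foreach (['file:///path/to/file', 'ldap://10.0.0.5/', 'http://127.0.0.1/',
          'http://192.168.0.10/', 'https://203.0.113.10/'] as $url) {
    try {
        echo "ALLOW  $url -> " . implode(':', resolve_public_target($url)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "REJECT $url: {$e->getMessage()}\n";
    }
}
```

The demo loop exercises only the validator; `fetch_public_url()` is left uncalled because it needs network access.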